From 467a7d47c13661d03be7b776d35fd0b01414eabc Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 22 Dec 2017 19:03:42 -0500
Subject: [PATCH] - Synchronized data.
---
 2017/14xxx/CVE-2017-14022.json | 48 ++++++++++++++++++++++++--
 2017/17xxx/CVE-2017-17522.json | 2 +-
 2017/17xxx/CVE-2017-17849.json | 18 ++++++++++
 2017/17xxx/CVE-2017-17850.json | 63 ++++++++++++++++++++++++++++++++++
 2017/17xxx/CVE-2017-17851.json | 18 ++++++++++
 5 files changed, 145 insertions(+), 4 deletions(-)
 create mode 100644 2017/17xxx/CVE-2017-17849.json
 create mode 100644 2017/17xxx/CVE-2017-17850.json
 create mode 100644 2017/17xxx/CVE-2017-17851.json
diff --git a/2017/14xxx/CVE-2017-14022.json b/2017/14xxx/CVE-2017-14022.json
index 2ee8381dedc..e6ae7068b17 100644
--- a/2017/14xxx/CVE-2017-14022.json
+++ b/2017/14xxx/CVE-2017-14022.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "ics-cert@hq.dhs.gov",
 "ID" : "CVE-2017-14022",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Rockwell Automation FactoryTalk Alarms and Events",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "Rockwell Automation FactoryTalk Alarms and Events"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
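Review bot: In the added `affects` block of CVE-2017-14022.json, `version_value` repeats the product name (`"Rockwell Automation FactoryTalk Alarms and Events"`) instead of naming a version, and `vendor_name` is `"n/a"` while the vendor is folded into `product_name`. The description added in this file's second hunk says "Version 2.90 and earlier", so tooling that matches on the structured fields cannot tell which releases are affected. Consider `"vendor_name" : "Rockwell Automation"`, `"product_name" : "FactoryTalk Alarms and Events"` and `"version_value" : "2.90 and earlier"`.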
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted set of packets packet to Port 403/TCP (the history archiver service), causing the service to either stall or terminate."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-341-02"
 }
 ]
 }
diff --git a/2017/17xxx/CVE-2017-17522.json b/2017/17xxx/CVE-2017-17522.json
index 2bb97d6842b..bf4b5c0d064 100644
--- a/2017/17xxx/CVE-2017-17522.json
+++ b/2017/17xxx/CVE-2017-17522.json
@@ -34,7 +34,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL."
+ "value" : "** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting."
 }
 ]
 },
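Review bot: The new description value in the second hunk of CVE-2017-14022.json contains a stray word, `a specially crafted set of packets packet to Port 403/TCP`. It should read `a specially crafted set of packets to Port 403/TCP`. This text is presumably shown verbatim by downstream feeds and scanners, so the typo is worth fixing before the record spreads further.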
diff --git a/2017/17xxx/CVE-2017-17849.json b/2017/17xxx/CVE-2017-17849.json
new file mode 100644
index 00000000000..5ef0800df1f
--- /dev/null
+++ b/2017/17xxx/CVE-2017-17849.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2017-17849",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2017/17xxx/CVE-2017-17850.json b/2017/17xxx/CVE-2017-17850.json
new file mode 100644
index 00000000000..ad256611052
--- /dev/null
+++ b/2017/17xxx/CVE-2017-17850.json
@@ -0,0 +1,63 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2017-17850",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "http://downloads.asterisk.org/pub/security/AST-2017-014.html"
+ },
+ {
+ "url" : "https://issues.asterisk.org/jira/browse/ASTERISK-27480"
+ }
+ ]
+ }
+}
diff --git a/2017/17xxx/CVE-2017-17851.json b/2017/17xxx/CVE-2017-17851.json
new file mode 100644
index 00000000000..844d7616b1c
--- /dev/null
+++ b/2017/17xxx/CVE-2017-17851.json
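Review bot: In the new CVE-2017-17850.json, every structured field in `affects` is `"n/a"` (`vendor_name`, `product_name`, `version_value`) and `problemtype` is `"n/a"`, although the description names Asterisk and four affected version ranges. Consumers that match on the structured fields rather than parsing the free text will not associate this record with Asterisk. Consider `"product_name" : "Asterisk"` with one `version_data` entry per range taken from the description, for example `"version_value" : "13.18.4 and older"`. The first reference also uses `http://`; an `https://` URL would be preferable if the host serves the advisory over TLS.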
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2017-17851",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}